EU General Data Protection Regulation 2017-11-19T22:26:15+00:00

RiskVision Approach to European Union General Data Protection Regulation

On 27 April 2016, the European Union passed the General Data Protection Regulation (GDPR), EU 2016/679, which has far-reaching ramifications for what must be done to protect personal data. Organizations must be in compliance by 25 May 2018. GDPR fines are calculated as 2-4% of global revenue, apply to personal data at all locations with business activity, and cover all processing of personal data. The regulation is not limited to personal data loss, so the stakes are significant.

RiskVision is uniquely suited to help data controller and data processor organizations comply with this regulation and ensure they cost-effectively avoid potentially massive penalties.

The RiskVision (RV) GDPR Solution Pack includes the following:

  • Asset Classification – Using the RV Platform CPE / GCC catalogs, business hierarchy and modeling of tangible (i.e. technologies, facilities) and intangible (i.e. personal data, identities) assets, organizations can classify assets on EU GDPR risk priorities.
  • Policy Management / Attestation – Using EU GDPR policies and RV Policy Manager (PM), organizations can cross-reference existing policies to EU GDPR to ensure compliance, with automatic distribution and collection of employee attestations.
  • First Party Controls Assessment – RV provides EU GDPR controls in its ISO 27002 (Premise) and ISO 27018 (Cloud) content packs that are used by the RV Compliance Manager (CM) to assemble questionnaires about organizational assets.
  • Third Party Classification / Assessment – RV’s Vendor Risk Manager (VRM) classifies third parties by risk level and automates the collection of their compliance data on EU GDPR controls via a certified secure Cloud outside an organization’s DMZ.
  • Vulnerability Management – RV offers data connectors to leverage threat intelligence, exploit databases and vulnerability scanners for asset vulnerability risk scoring and remediation prioritization via its Threat and Vulnerability Manager (TVM).
  • Incident Notification – Using RV data connectors from DLP, SIEM and endpoint tools to RV Incident Manager (IM), data and logs are risk scored to threshold-alert data subjects and relevant authorities, so timely notification (under 72 hours) is achieved.
  • Audit and Regulatory Reporting – RV’s Platform has a self-service analytics/BI tool to create charts, dashboards, and reports for audit and EU regulatory reporting.

RiskVision’s unique combination of out-of-the-box asset, policy and compliance management affecting first and third parties, big data integration and orchestration in Cloud and On Premise, incident management scoring and notification, and audit / regulatory reporting makes it the ideal approach to manage the wide-reaching requirements of the new EU GDPR directive.
